Bulletproofing Web Applications

Adam Kolawa

Subscribe to Adam Kolawa: eMailAlertsEmail Alerts
Get Adam Kolawa via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Adam Kolawa

Dr Adam Kolowa (pictured), Founder & CEO of Parasoft and panelist at SYS-CON Events'  "SOA Web Services Power Panel" at SOA Web Services Edge Conference & Expo - June 5-6, 2006 - in New York City, writes: Security has the inherent nature of spanning many different layers of a Web Services system. Web Services vulnerabilities can be present in the operating system, the network, the database, the Web server, the application server, the XML parser, the Web Services implementation stack, the application code, the XML firewall, the Web Service monitoring or management appliance, or just about any other component in your Web Services system. Therefore security testing, which is important for any software application, is even more crucial for Web Services. This article explores security issues specific to Web Services and illustrates the engineering and testing best practic... (more)

It's Time to Prevent Poorly-Written XML

Since its inception XML has at times been seen as the cure-all for every problem related to Web applications and integration projects. However, poorly written XML can either slow down an integration project, or worse, cause the integration project to collapse. When developing integration systems such as Web services or any other business-to-business function, developers may encounter the following problems when writing XML: Non-verifiable code - XML is supposed to be easily validated by use of Document Type Definitions (DTDs) or schemas. Frequently however, DTDs and schemas may... (more)

Choosing the Best Testing Tools to Increase Project Productivity

The primary mission of information technology is to improve business processes and increase profits. Companies are constantly rethinking and struggling with how to use IT to a competitive advantage, reduce IT operating and maintenance costs, and reduce the total cost of ownership… all while attempting to deliver increased value. Most of these problems can be traced to the same source: the struggle to make software work - without incurring unreasonable costs. Thus, it all seems to lead back to cost, which raises the question of why software development is so costly. Most p... (more)

SOA & Web Services - Is It Done Yet?

It's difficult to determine how much time to spend reviewing and testing your code before checking it in to the team's shared code base. On the one hand, you want to complete and check in code as rapidly as possible so you can meet deadlines and move on to developing new code or getting started on other projects. After all, you went into software development to develop, not to test. Yet, if you move too fast, you might end up checking in code that causes bugs-immediately upon integration, or later on when the code is reused, extended, or maintained. In that case, any time that y... (more)

Building Security into Software with Security Policies & Static Analysis

The common approach to securing applications is to try to identify and remove all of the application's security vulnerabilities at the end of the development process. However, this bug-finding approach is not only resource-intensive, it's largely ineffective. To have any chance of exposing all of the security vulnerabilities that may be nested throughout the application, the team would have to identify every single path through the application then rigorously test each and every one. And any error found would be difficult to fix, considering that the effort, cost, and time requ... (more)